diff --git a/Kernel/Arch/i386/CPU.h b/Kernel/Arch/i386/CPU.h
index c1980f0da4..482247a2d2 100644
--- a/Kernel/Arch/i386/CPU.h
+++ b/Kernel/Arch/i386/CPU.h
@@ -447,6 +447,14 @@ inline void read_tsc(u32& lsw, u32& msw)
                  : "=d"(msw), "=a"(lsw));
 }
 
+inline u64 read_tsc()
+{
+    u32 lsw;
+    u32 msw;
+    read_tsc(lsw, msw);
+    return ((u64)msw << 32) | lsw;
+}
+
 struct Stopwatch {
     union SplitQword {
         struct {
diff --git a/Kernel/Syscall.cpp b/Kernel/Syscall.cpp
index b9e0391e35..98cecb5343 100644
--- a/Kernel/Syscall.cpp
+++ b/Kernel/Syscall.cpp
@@ -92,6 +92,12 @@ int handle(RegisterDump& regs, u32 function, u32 arg1, u32 arg2, u32 arg3)
 
 void syscall_handler(RegisterDump regs)
 {
+    // Apply a random offset in the range 0-255 to the stack pointer,
+    // to make kernel stacks a bit less deterministic.
+    auto* ptr = (char*)__builtin_alloca(read_tsc() & 0xff);
+    asm volatile(""
+                 : "=m"(*ptr));
+
     auto& process = current->process();
 
     if (!MM.validate_user_stack(process, VirtualAddress(regs.esp_if_crossRing))) {